#!/bin/sh
#
# About
# -----
# Check the expiry date of the SSL certificate on the given host.
#
# License
# -------
# Copyright (c) 2013-2015 by Steve Kemp.  All rights reserved.
#
# This script is free software; you can redistribute it and/or modify it under
# the same terms as Perl itself.
#
# The LICENSE file contains the full text of the license.

# Simple function to show usage information, and exit.
usage()
{
  echo "Usage: $0 [-d] [-p 443] domain1.org domain2.com .. domainN"
  exit 0
}

# Default settings for flags set by the command-line arguments
days=0
port=443

# Parse the argument(s) - i.e. look for "-d" / "-p 443".
while getopts "h?dp:" opt; do
  case $opt in
    h)
      usage
      ;;
    \?)
      usage
      ;;
    d)
      days=1
      ;;
    p)
      port=$OPTARG
      ;;
  esac
done
shift $((OPTIND - 1))

# Ensure we have some arguments
if [ "$#" = "0" ]; then
  usage
fi

# For each domain-name on the command-line.
for name in "$@"; do

  # Make a temporary file
  # Try GNU syntax first, fall back to BSD
  if tmp=$(mktemp 2> /dev/null) && [ -f "$tmp" ]; then
    # GNU mktemp succeeded
    :
  else
    # Try BSD syntax
    tmp=$(mktemp -t tmp)
  fi

  # Download the certificate
  if (! echo "" | openssl s_client -connect "$name:$port" > "$tmp" 2> /dev/null); then
    rm -f "$tmp"
    echo "Failed to get cert from https://$name:$port/"
    exit 3
  fi

  # Get the expiry date
  date=$(openssl x509 -in "$tmp" -noout -enddate | awk -F= '{print $2}')

  # Remove the temporary file
  rm -f "$tmp"

  # Convert the expiry date + todays date to seconds-past epoch
  # Try GNU syntax first, fall back to BSD
  if then=$(date --date "$date" +%s 2> /dev/null); then
    # GNU date succeeded
    :
  else
    # BSD date requires manual parsing
    year=$(echo "$date" | awk '{print $4}')
    month=$(echo "$date" | awk '{print $1}')
    day=$(echo "$date" | awk '{print $2}')
    hour=$(echo "$date" | awk '{print $3}' | awk -F: '{print $1}')
    minute=$(echo "$date" | awk '{print $3}' | awk -F: '{print $2}')
    second=$(echo "$date" | awk '{print $3}' | awk -F: '{print $3}')
    then=$(date -v"${year}"y -v"${month}" -v"${day}"d -v"${hour}"H -v"${minute}"M -v"${second}"S -u +%s)
  fi

  now=$(date +%s)

  # Day diff
  diff=$(("$then" - "$now"))
  diff=$((diff / 86400))

  # All done
  if [ "$days" = "1" ]; then
    echo "${name}: ${diff}"
  else
    echo "$name"
    echo "    Expires: ${date}"
    echo "    Days: ${diff}"
  fi
done